Computer systems implement a mode referred to as system management mode (SMM) which is a part of system software, namely part of basic input/output system (BIOS). This SMM is executed from a small protected location in system memory, called system management mode random access memory (SMRAM). Some security attacks are based on access to the memory. Also, this memory region is space constrained.
In addition to this protected memory, other secure information is present in a system such as various passwords. The storage location of system passwords is contained in either complementary metal oxide semiconductor (CMOS) or host visible non-volatile memory so a host (e.g., processor or operating system (OS)) can read them. While the passwords themselves can be encrypted, a malicious user can still delete them. Once the passwords are deleted or null, an attacker can set their own passwords, which may lead to various attacks.
Top segment of memory (TSEG) is the portion of system memory (e.g., dynamic random access memory (DRAM)) carved out for BIOS SMM runtime and certain debug usage. Current chipsets may limit this space to 8 megabytes (MB) with 4 MB for BIOS feature space, but with future chipsets this can be much larger. However, all of the TSEG DRAM is stolen from the host below 4 gigabytes (GB). This is a precious resource on platforms and BIOS seeks to minimize its usage (this is especially scarce for 32-bit OS's and Peripheral Component Interconnect (PCI)-Express™ systems where latter memory-mapped I/O is stealing ever more of the resources below 4 GB). Additionally, because of security concerns BIOS may not call outside of SMRAM/TSEG. Thus TSEG RAM provides a limit for all SMM-based features. Additionally, there is no secure BIOS-only non-volatile RAM store because the BIOS flash device is readable by the OS/host. This too may lead to security concerns. For example, various configuration information is stored into unprotected DRAM during a low power state, which can enable a malicious user to access the unprotected data while the DRAM is in a self-refresh state.